Obey safe repr for exceptions

rollbar/__init__.py

@@ -630,7 +630,7 @@ def _report_exc_info(exc_info, request, extra_data, payload_data, level=None):
             'frames': frames,
             'exception': {
                 'class': cls.__name__,
-                'message': text(exc),
+                'message': _transform(exc),
             }
         }
     }
@@ -864,7 +864,7 @@ def _add_locals_data(data, exc_info):
             # Fill in all of the named args
             for named_arg in named_args:
                 if named_arg in local_vars:
-                    args.append(local_vars[named_arg])
+                    args.append(_transform(local_vars[named_arg], key=(named_arg,)))
 
             # Add any varargs
             if arginfo.varargs is not None:

rollbar/test/contrib/flask/test_flask.py

@@ -87,7 +87,7 @@ def test_uncaught(self, send_payload):
 
             self.assertIn('body', data)
             self.assertEqual(data['body']['trace']['exception']['class'], 'Exception')
-            self.assertStringEqual(data['body']['trace']['exception']['message'], 'Uh oh')
+            self.assertStringEqual(data['body']['trace']['exception']['message'], str(type(Exception('Uh oh'))))
 
             self.assertIn('person', data)
             self.assertDictEqual(data['person'],
@@ -115,7 +115,7 @@ def test_uncaught_json_request(self, send_payload):
 
             self.assertIn('body', data)
             self.assertEqual(data['body']['trace']['exception']['class'], 'Exception')
-            self.assertStringEqual(data['body']['trace']['exception']['message'], 'Uh oh')
+            self.assertStringEqual(data['body']['trace']['exception']['message'], str(type(Exception('Uh oh'))))
 
             self.assertIn('person', data)
             self.assertDictEqual(data['person'],

rollbar/test/test_rollbar.py

@@ -127,7 +127,7 @@ def _raise():
         self.assertIn('body', payload['data'])
         self.assertIn('trace', payload['data']['body'])
         self.assertIn('exception', payload['data']['body']['trace'])
-        self.assertEqual(payload['data']['body']['trace']['exception']['message'], 'foo')
+        self.assertEqual(payload['data']['body']['trace']['exception']['message'], str(type(Exception())))
         self.assertEqual(payload['data']['body']['trace']['exception']['class'], 'Exception')
 
         self.assertNotIn('args', payload['data']['body']['trace']['frames'][-1])
@@ -744,6 +744,27 @@ def test_modify_arg(self, send_payload):
 
         self.assertEqual('changed', called_with_frame['args'][0])
 
+    @mock.patch('rollbar.send_payload')
+    def test_scrub_arg(self, send_payload):
+
+        def sensitive_call(username, password):
+            step1()
+
+        try:
+            sensitive_call('user', 'secret')
+        except:
+            rollbar.report_exc_info()
+
+        self.assertEqual(send_payload.called, True)
+
+        payload = json.loads(send_payload.call_args[0][0])
+        frames = payload['data']['body']['trace']['frames']
+        called_with_frame = frames[1]
+
+        self.assertEqual('user', called_with_frame['args'][0])
+        self.assertNotEqual('secret', called_with_frame['args'][1])
+        self.assertRegex(called_with_frame['args'][1], r'\*+')
+
     @mock.patch('rollbar.send_payload')
     def test_unicode_exc_info(self, send_payload):
         message = '\u221a'
@@ -757,7 +778,6 @@ def test_unicode_exc_info(self, send_payload):
         payload = json.loads(send_payload.call_args[0][0])
         self.assertEqual(payload['data']['body']['trace']['exception']['message'], message)
 
-
     @mock.patch('requests.post', side_effect=lambda *args, **kw: MockResponse({'status': 'OK'}, 200))
     def test_serialize_and_send_payload(self, post=None):
         invalid_b64 = b'CuX2JKuXuLVtJ6l1s7DeeQ=='